<?php
// It is important to sanitize
// input! Otherwise, a bad actor
// could enter '<script src="evilscript.js"></script>'
// in a URL parameter. Assuming you echo it, this
// would inject scripts in an XSS attack.
//
// The solution:
$NAME = $_GET['NAME'];
// Bad:
echo $NAME;
// that one is vulnerable to XSS
// Good:
echo htmlspecialchars($NAME);
// Sanitizes input thoroughly.
?>
$_GET
$HTTP_GET_VARS [deprecated]
(PHP 4 >= 4.1.0, PHP 5)
$_GET -- $HTTP_GET_VARS [deprecated] — HTTP GET variables
說明
An associative array of variables passed to the current script via the URL parameters.
$HTTP_GET_VARS contains the same initial information, but is not a superglobal. (Note that $HTTP_GET_VARS and $_GET are different variables and that PHP handles them as such)
更新日誌
| 版本 | 說明 |
|---|---|
| 4.1.0 | Introduced $_GET that deprecated $HTTP_GET_VARS. |
範例
Example #1 $_GET example
<?php
echo 'Hello ' . htmlspecialchars($_GET["name"]) . '!';
?>
Assuming the user entered http://example.com/?name=Hannes
上例的輸出類似於:
Hello Hannes!
註釋
Note:
"Superglobal" 也稱為自動的全域變數。這表示在腳本的所有範圍(scope)中都是可用的。不需要在函式或方法中用 global $variable; 來存取它。
Note:
The GET variables are passed through urldecode().
add a note
User Contributed Notes 1 note
An Anonymous User ¶
2 years ago
